Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

[boto3] An error occurred (UnrecognizedClientException) when calling the Retrieve operation: The security token included in the request is invalid.

0

Hi All, I am trying to access my knowledge base using the Claude Instant Foundation model. I am facing this error "[boto3] An error occurred (UnrecognizedClientException) when calling the Retrieve operation: The security token included in the request is invalid". How can I resolve this issue? It is throwing an error while retrieving the knowledge base. Any ideas?

sts_client = boto3.client("sts", aws_access_key_id=project_settings.AWS_ACCESS_KEY_ID, 
  aws_secret_access_key=project_settings.AWS_SECRET_ACCESS_KEY)


resp = sts_client.get_session_token()


bedrock_runtime = boto3.client(
            'bedrock-runtime',
            aws_access_key_id=resp['Credentials']['AccessKeyId'],
            aws_secret_access_key=resp['Credentials']['SecretAccessKey'],
            aws_session_token=resp['Credentials']['SessionToken'],
            region_name="***"
        )


retriever = AmazonKnowledgeBasesRetriever(
    knowledge_base_id="***",
    region_name=region,
    aws_access_key_id=resp['Credentials']['AccessKeyId'],
    aws_secret_access_key=resp['Credentials']['SecretAccessKey'],
    aws_session_token=resp['Credentials']['SessionToken'],
    retrieval_config={"vectorSearchConfiguration": {"numberOfResults": 4}},
)


model = ChatBedrock(
    client=bedrock_runtime,
    region_name=region,
    model_id="anthropic.claude-instant-v1",
    model_kwargs=model_kwargs,
)


chain = (
    RunnableParallel({
        "context": itemgetter("question") | retriever,              #the error is throwing in this line==================================
        "question": itemgetter("question"),
        "history": itemgetter("history"),
    })
    .assign(response=prompt | model | StrOutputParser())
    .pick(["response", "context"])
)


chain_with_history = RunnableWithMessageHistory(
    chain,
    lambda session_id: DynamoDBChatMessageHistory(table_name="***", session_id=session_id),
    input_messages_key="question",
    history_messages_key="history",
    output_messages_key="response",
)


config = {"configurable": {"session_id": session_id}}


response = chain_with_history.invoke({"question": query,"aws_access_key_id":resp['Credentials']['AccessKeyId'],
            "aws_secret_access_key":resp['Credentials']['SecretAccessKey'],
            "aws_session_token":resp['Credentials']['SessionToken']}, config=config)
Topics
AnalyticsMachine Learning & AIDatabaseGenerative AI on AWS
Tags
Knowledge Bases for Amazon BedrockAmazon OpenSearch ServerlessAmazon Bedrock
Language
English
asked 2 years ago830 views
1 Answer
0

Hello,

There could be be two cases:

Case 1:
Seems you were trying to create client session using temporary credentials. If you are assuming a role to generate the temporary credentials, then aws_session_token needs to be passed. You can refer the boto3 documentation

Example:

bedrock_runtime = boto3.client(service_name="bedrock-runtime", aws_access_key_id=project_settings.AWS_ACCESS_KEY_ID, aws_secret_access_key=project_settings.AWS_SECRET_ACCESS_KEY, aws_session_token=project_settings.AWS_SESSION_TOKEN, region_name="***")

Case 2:

In case if you are using long-term access key, Check if the AWS access key and secret access key is correct.

As a best practice, use temporary security credentials (such as IAM roles) instead of creating long-term credentials like access keys. Before creating access keys, review the alternatives to long-term access keys.

AWS
answered 2 years ago
  • Vinitha
    2 years ago

    Thank you for the reply. I tried the above thing suggested by you, and I am still facing the same issue.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content